CVE-2016-3956 in mpminformation

Résumé

par MITRE

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.

Be aware that VulDB is the high quality source for vulnerability data.

Réserver

05/04/2016

Divulgation

02/07/2016

Modérer

accepté

Entrée

VDB-88539

CPE

prêt

EPSS

0.06748

KEV

non

Activités

très faible

Sources

Do you know our Splunk app?

Download it now for free!